Key Takeaways:
- The hackers used MEE6 bot to add permissions to a fake Jiho account.
- Ronin attacker transferred 5,505 ETHs to a new address.
LAGOS (CoinChapter.com) — Axie Infinity (AXS) has suffered another shock after losing 173,600 Ethereum, and 25.5 million USDC to hackers in security exploit earlier this year.
On Wednesday, the blockchain gaming platform revealed that cybercriminals had compromised the ‘MEE6 bot’ on its main server.
According to the announcement, the hackers used the MEE6 bot to add permissions to a fake Jiho account. As a result of the exploit, the hacker created fake announcements about minting on Axie’s Discord channel.
It is worth noting that MEE6 is a Discord bot that allows admins to automatically give and remove roles and send general messages on the app.
Axie Infinity noted that they had deleted all the announcements made by the hacker, which limited the damage. However, it urged users not to participate in giveaway rounds, adding that Axie will never do a surprising mint.
“The announcements have been deleted but some users may still see the message until they restart their Discord. We have removed the Mee6 bot from the server and will never do a surprising mint.”
Axie Infinity said.
Additionally, the gaming platform indicated that other projects with the MEE6 bot installed also suffered similar exploits. Notably, platforms like Moonbirds, Cool Cats, RTFKT, PXN, Memeland, and Cool Cats were reportedly also compromised.
Stolen Funds From Axie Infinity’s Ronin Bridge On The Move
Meanwhile, in another development report emerged today that the hacker who stole over $625 million from the Ronin Network is moving some of the funds again.
Axie Infinity’s Ronin attacker reportedly moved around $10 million worth of Ethereum in the early hours of today. According to data from Etherscan, a wallet was funded by an address directly linked to the Ronin network exploiter address.
The blockchain data indicated that the Axie Infinity hacker moved about 5,505 ETH in batches of 100 to Tornado Cash. The hacker’s address had transferred funds out about times since May 14. Notably, a total of 23,525.5 ETH have been transferred to Tornado Cash at 100 ETH per transaction.
It is worth noting that most hackers utilize Tornado Cash’s on-chain privacy tool to move illicit crypto funds. Tornado’s privacy tool disconnects the on-chain link between a source and destination address. That enables hackers to mask their addresses while converting illicit crypto funds into fiat.
U.S. Dept of Treasury Sanction Having No Impact On Hackers
Additionally, it is worth noting that the United States Department of Treasury’s Office has named North Korea-based hacking group Lazarus as the perpetrator of the Axie Infinity exploit.
The U.S. Office of Foreign Assets Control (OFAC) has since added an Ethereum wallet address linked with the hackers to its sanctions list. But this seems to have little to no effect as the stolen fund are still being moved.
Furthermore, following the exploit, Axie Infinity has been experiencing turbulence as projects on the platform seem to be failing/delayed. As a result, the project native toke has also plunged by over 50% in the last 30 days.
